The Linux Administration group is for the discussion of technical issues technical issues that arise during the administration of Linux systems, including maintaining the operating system and supporting end-user applications.

You need to configure your proxy server to not allow connections on non proxy ports. If the squid proxy is not on your gateway, you should also configure your gateway to only accept connections from the squid server.

Ultra Surf uses an encrypted HTTP session to a series of proxy servers to bypass your local proxy.
There are two ways to prevent it.
1. Remove HTTPS access to anything you don't know and set up a system whereby a user wanting an encrypted session request an exception.
2. Remove Ultra Surf from client machines.
Option 1 is virtually impossible to police and will end up in huge amounts of labour and unhappiness among your users.
Option 2 is far more tenable and much easier to police, provided you have decent control over your users machines.
Do you have an Active Directory domain? (yes this is a Linux list, but this is a question about proxy bypass which is not going to be solved on Linux UNLESS the users are using Linux workstations)
If you do, use group policy to remove unwanted applications.
Use your proxy to disable access to ultrasurf related webpages (install squidguard or dansguardian and filter content based on ultrasurf or variants).
Another thing to do is find out why your users are doing this.
Are they afraid YOU are watching them? Or are they afraid their government is watching them?
If it is the latter, then ultrasurf is not going to help as it DOES NOT ANONYMISE traffic, merely enables proxy bypass.
Provide your users with a better way to protect themselves and they will stop trying to find ways around your systems.

Copyright 1998-2015 Ziff Davis, LLC (Toolbox.com). All rights reserved. All product names are trademarks of their respective companies. Toolbox.com is not
affiliated with or endorsed by any company listed at this site.